Merge pull request github#18326 from asgerf/js/shared-dataflow-bump

JS: Merge 'main' into shared dataflow branch

Author: asgerf

javascript/ql/lib/semmle/javascript/internal/flow_summaries/Maps.qll

@@ -118,3 +118,23 @@ class MapSet extends SummarizedCallable {
     )
   }
 }
+
+class MapGroupBy extends SummarizedCallable {
+  MapGroupBy() { this = "Map#groupBy" }
+
+  override DataFlow::CallNode getACallSimple() {
+    result = mapConstructorRef().getAMemberCall("groupBy") and
+    result.getNumArgument() = 2
+  }
+
+  override predicate propagatesFlow(string input, string output, boolean preservesValue) {
+    preservesValue = true and
+    (
+      input = "Argument[0].ArrayElement" and
+      output = ["Argument[1].Parameter[0]", "ReturnValue.MapValue.ArrayElement"]
+      or
+      input = "Argument[1].ReturnValue" and
+      output = "ReturnValue.MapKey"
+    )
+  }
+}

javascript/ql/lib/utils/test/InlineFlowTest.qll

@@ -11,7 +11,7 @@ private import semmle.javascript.frameworks.data.internal.ApiGraphModelsExtensio
 private import internal.InlineExpectationsTestImpl
 
 private module FlowTestImpl implements InputSig<Location, JSDataFlow> {
-  import testUtilities.InlineFlowTestUtil
+  import utils.test.InlineFlowTestUtil
 
   bindingset[src, sink]
   string getArgString(DataFlow::Node src, DataFlow::Node sink) {

javascript/ql/test/library-tests/Arrays/DataFlow.expected

@@ -18,6 +18,7 @@ flow
 | arrays.js:2:16:2:23 | "source" | arrays.js:90:10:90:10 | x |
 | arrays.js:2:16:2:23 | "source" | arrays.js:93:8:93:17 | arr.at(-1) |
 | arrays.js:2:16:2:23 | "source" | arrays.js:110:8:110:24 | arr8_spread.pop() |
+| arrays.js:2:16:2:23 | "source" | arrays.js:112:8:112:33 | arr.fin ... llback) |
 | arrays.js:18:22:18:29 | "source" | arrays.js:18:50:18:50 | e |
 | arrays.js:22:15:22:22 | "source" | arrays.js:23:8:23:17 | arr2.pop() |
 | arrays.js:25:15:25:22 | "source" | arrays.js:26:8:26:17 | arr3.pop() |
@@ -31,3 +32,8 @@ flow
 | arrays.js:97:9:97:16 | "source" | arrays.js:97:8:97:42 | ["sourc ... ).pop() |
 | arrays.js:100:31:100:38 | "source" | arrays.js:101:8:101:17 | arr8.pop() |
 | arrays.js:104:55:104:62 | "source" | arrays.js:106:8:106:25 | arr8_variant.pop() |
+| arrays.js:115:19:115:26 | "source" | arrays.js:116:50:116:53 | item |
+| arrays.js:115:19:115:26 | "source" | arrays.js:117:10:117:16 | element |
+| arrays.js:121:19:121:26 | "source" | arrays.js:122:46:122:49 | item |
+| arrays.js:121:19:121:26 | "source" | arrays.js:123:10:123:16 | element |
+| arrays.js:127:19:127:26 | "source" | arrays.js:128:55:128:58 | item |

javascript/ql/test/library-tests/Arrays/DataFlow.ql

@@ -21,6 +21,6 @@ deprecated class LegacyConfig extends DataFlow::Configuration {
   override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) }
 }
 
-deprecated import testUtilities.LegacyDataFlowDiff::DataFlowDiff<TestFlow, LegacyConfig>
+deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff<TestFlow, LegacyConfig>
 
 query predicate flow = TestFlow::flow/2;

javascript/ql/test/library-tests/Arrays/TaintFlow.expected

@@ -17,6 +17,7 @@ flow
 | arrays.js:2:16:2:23 | "source" | arrays.js:90:10:90:10 | x |
 | arrays.js:2:16:2:23 | "source" | arrays.js:93:8:93:17 | arr.at(-1) |
 | arrays.js:2:16:2:23 | "source" | arrays.js:110:8:110:24 | arr8_spread.pop() |
+| arrays.js:2:16:2:23 | "source" | arrays.js:112:8:112:33 | arr.fin ... llback) |
 | arrays.js:18:22:18:29 | "source" | arrays.js:18:50:18:50 | e |
 | arrays.js:22:15:22:22 | "source" | arrays.js:23:8:23:17 | arr2.pop() |
 | arrays.js:25:15:25:22 | "source" | arrays.js:26:8:26:17 | arr3.pop() |
@@ -32,3 +33,13 @@ flow
 | arrays.js:97:9:97:16 | "source" | arrays.js:97:8:97:42 | ["sourc ... ).pop() |
 | arrays.js:100:31:100:38 | "source" | arrays.js:101:8:101:17 | arr8.pop() |
 | arrays.js:104:55:104:62 | "source" | arrays.js:106:8:106:25 | arr8_variant.pop() |
+| arrays.js:115:19:115:26 | "source" | arrays.js:116:50:116:53 | item |
+| arrays.js:115:19:115:26 | "source" | arrays.js:117:10:117:16 | element |
+| arrays.js:121:19:121:26 | "source" | arrays.js:122:46:122:49 | item |
+| arrays.js:121:19:121:26 | "source" | arrays.js:123:10:123:16 | element |
+| arrays.js:127:19:127:26 | "source" | arrays.js:128:55:128:58 | item |
+| arrays.js:132:17:132:24 | source() | arrays.js:133:46:133:49 | item |
+| arrays.js:132:17:132:24 | source() | arrays.js:134:10:134:17 | element1 |
+| arrays.js:138:17:138:24 | source() | arrays.js:139:50:139:53 | item |
+| arrays.js:138:17:138:24 | source() | arrays.js:140:10:140:17 | element1 |
+| arrays.js:144:17:144:24 | source() | arrays.js:145:55:145:58 | item |

javascript/ql/test/library-tests/Arrays/TaintFlow.ql

@@ -21,6 +21,6 @@ deprecated class LegacyConfig extends TaintTracking::Configuration {
   override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) }
 }
 
-deprecated import testUtilities.LegacyDataFlowDiff::DataFlowDiff<TestFlow, LegacyConfig>
+deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff<TestFlow, LegacyConfig>
 
 query predicate flow = TestFlow::flow/2;